3 lines
3.6 KiB
JSON
3 lines
3.6 KiB
JSON
{"chapter": "Common Ingress Configuration", "level": 2, "text": "The Ingress Configuration can be performed at various levels:\n- Per Component / Chart\n`ingress.`\n- Per Instance\n`global.ingress.`\n- Per Environment\n`global.environment.ingress.`\nThis enables you to have configuration yaml files per environment (e.g. for DEV, QA and PROD) setting environment defaults.\nYou then do not have to touch the Instance configuration.\nExample:\n```\nhelm upgrade -i \\\n--values $SAMPLES/big-instance.yaml \\\n--values $SAMPLES/applications.yaml \\\n--values $SAMPLES/dev.yaml \\\ndemo nplus/instance-argo\n```\nYou might have your Instance values in the `big-instance` file, the Apps you want to have deployed to that instance\nin the `applications` file, and then you add your default setting for the `dev` stage, potentionally overwriting anything\nfrom the above. The priority in this is *last one wins*.\n> The Values are taken by the chart in the following order:\n> Component, then Instance, then Environment.\nIf no value is set, the configuration is dropped from the manifest.\nIn the following table, you see what value can be defined in which section:\n| Key | Component | Instance | Environment |\n| ---- | ----------- | ----------- | ----------- |\n| domain | ✔︎ | ✔︎ | ✔︎ |\n| issuer | ✔︎ | ✔︎ | ✔︎ |\n| class | ✔︎ | ✔︎ | `public` |\n| enabled | ✔︎ | - | - |\n| backendProtocol | ✔︎ | - | - |\n| cookie | ✔︎ | - | - |\n| inputPath | ✔︎ | - | - |\n| deny | ✔︎ | - | - |\n| whitelist | ✔︎ | ✔︎ | ✔︎ |\n| namespace | ✔︎ | ✔︎ | ✔︎ |\nFor the component ingress, you can specify the following values:\n| Key | Description | Default |\n|-----|-------------|---------|\n| backendProtocol | choose wether you want http or https as the backend protocol. This will encrypt traffic from the ingress controller to your pods if you set it to https. | `\"http\"` |\n| class | sets the ingressclass to use. e.g. `public` or `nginx` | `\"public\"` |\n| cookie | on component level, set cookie affinity for the ingress example: `XtConLoadBalancerSession` for nscale Web | component dependent |\n| domain | sets the ingress domain, like `tenant1.mydomain.com`. If no domain is set, no ingress will be configured automatically | none |\n| enabled | on component level, enable or disable the ingress | component dependent |\n| inputPath | this defines the path (on component level) for this component Example: `nscale_web` for nscale Web | component dependent |\n| issuer | if you use *cert-manager* or any other certificate issuer, you can add the class here to hand certificate issuing requests to this issuer. if you do not set any issuer, the chart will generate a self-signed certificate for your ingress (if you defined a domain) | |\n| deny | you can specify specific paths to be denied by this ingress | component dependent |\n| whitelist | optionally specify a list of allowed ip ranges to use an ingress | not restricted |\n| namespace | when securing the instance with network policies, you can specify the source namespace of the ingress controller | \"ingress\" |\n| annotations | adds extra annotations\n> Please the the FAQ for information about using a DMZ, where additional cluster configuration will be necessary\n"}
|
|
{"chapter": "Annotations", "level": 3, "text": "You can add extra Annotations to the ingress by adding\n```\nglobal:\ningress:\nannotations:\nnginx.org/proxy-connect-timeout: \"30s\"\nnginx.org/proxy-read-timeout: \"20s\"\nnginx.org/client-max-body-size: \"4m\"\nnginx.org/server-snippets: |\nlocation / {\nreturn 302 /coffee;\n}\n```\n"}
|